Why You Should Move To HTTPS

Websites are increasingly being pushed towards using encryption by default. The most recent round of changes has been initiated by Google, who has now ruled that even pages with data collection as innocuous as email newsletter sign-ups should be using the new standard. The new ruling is bound to create numerous problems in the field of website SEO.

The History of HTTP and HTTPS

HTTP has been with us since the dawn of the internet age. It was originally developed by Tim Berners-Lee in 1989. Like most early internet technologies, getting the connection to be made reliably and with a degree of protection against routing problems, was the initial concern of those creating the standards. With no commercial applications at the time and most users being in the academic community, security was not taken as seriously as it is now.

This lack of security later became a problem and led to the creation of the HTTPS standard (also called HTTP over TLS, HTTP over SSL and HTTP Secure). HTTPS provides authentication of both the website and the server. This protects against man-in-the-middle attacks. It also provides encryption of communications between a client and server(and vice-versa), which protects against eavesdropping.

HTTPS can occasionally cause problems for users behind firewalls as it uses a different port (typically port 443) rather than the more common port 80 used for HTTP connections.

Certificate Types

There are two kinds of certificates that allow you to activate the https protocol for your site. TLS (Transport Layer Security) and SSL (Secure Socket Layer). SSL is the predecessor to TLS, it has been subject to some hacks in recent times. Google now advises sites to use TLS 1.2 to ensure security.

HTTPS Use

Whilst HTTPS usage is increasing it is not yet the dominant method of website transport.

SEMRush data suggests that only around 31000 of the top 100,000 site use this method of encryption. However, when we look more closely at the top 5000 sites, there is a push to use this in the more competitive sectors of the web, and particularly amongst sites that trade predominantly with consumers. In most sectors, there is now a correlation between the highest positions for each keyword and the site’s use of encryption.

Free TLS Certificates

There are several ways to get a free certificate. The downside to the free certificate route is that many browsers do not automatically support services such as CACert. This means that warning messages are frequently displayed to the end user despite the improved security.

One way of providing the certification free of charge has been the Let’s Encrypt package backed by the Electronic Frontier Foundation privacy group. The site at letsencrypt.org offers free x.509 certificates for Transport Layer Security. This is sponsored by both the Linux Foundation and Cisco Systems and has proved to be one of the more reliable free services.

Call the HTTPS Experts

HTTPS delivers clear security benefits and is being looked upon favourably by Google. However, for such a complex procedure as moving your site, there are clearly pitfalls.

If you are unsure of how to proceed or are worried about damaging your SEO by moving to a new https address, then it makes sense to call on the expertise of professionals such as DOM Marketing. We have successfully project managed many such moves to HTTPS and are able to advise developers on the SEO impacts of their actions.